| Reporter | Title | Published | Views |
|---|---|---|---|
| circl | CVE-2023-6139 | 8 Jan 2024 20:27 | – |
| cnnvd | WordPress Plugin Essential Real Estate Security Vulnerability | 8 Jan 2024 00:00 | – |
| cvelist | CVE-2023-6139 Essential Real Estate < 4.4.0 - Subscriber+ Denial of Service via Arbitrary Option Update | 8 Jan 2024 19:00 | – |
| euvd | EUVD-2023-58393 | 3 Oct 2025 20:07 | – |
| nvd | CVE-2023-6139 | 8 Jan 2024 19:15 | – |
| osv | CVE-2023-6139 | 8 Jan 2024 19:15 | – |
| prion | Design/Logic Flaw | 8 Jan 2024 19:15 | – |
| ptsecurity | PT-2024-14886 · WordPress · Essential Real Estate | 8 Jan 2024 00:00 | – |
| redhatcve | CVE-2023-6139 | 23 May 2025 04:57 | – |
| vulnrichment | CVE-2023-6139 Essential Real Estate < 4.4.0 - Subscriber+ Denial of Service via Arbitrary Option Update | 8 Jan 2024 19:00 | – |

```json
[
  {
    "vendor": "Unknown",
    "product": "Essential Real Estate",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "4.4.0"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]
```

| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| action | path | wp-admin/profile.php | Insufficient access control on profile action allowing authenticated users (subscriber) to perform destructive operation | CWE-284 |
| _wpnonce | request body | wp-admin/admin-ajax.php | AJAX action gsf_save_options can be triggered without proper capability checks, enabling DoS from subscriber accounts | CWE-284 |
| _current_preset | request body | wp-admin/admin-ajax.php | AJAX action gsf_save_options can be triggered without proper capability checks, enabling DoS from subscriber accounts | CWE-284 |
| action | request body | wp-admin/admin-ajax.php | AJAX action gsf_save_options can be triggered without proper capability checks, enabling DoS from subscriber accounts | CWE-284 |
| _wpnonce | request body | wp-admin/admin-ajax.php | AJAX action gsf_import_theme_options can be triggered without proper capability checks, enabling DoS from subscriber accounts | CWE-284 |
| _current_preset | request body | wp-admin/admin-ajax.php | AJAX action gsf_import_theme_options can be triggered without proper capability checks, enabling DoS from subscriber accounts | CWE-284 |
| action | request body | wp-admin/admin-ajax.php | AJAX action gsf_import_theme_options can be triggered without proper capability checks, enabling DoS from subscriber accounts | CWE-284 |